Modeling safety and airworthiness (RTCA DO-178B) information: conceptual model and UML profile

Several safety-related standards exist for developing and certifying safety-critical systems. System safety assessments are common practice and system certification according to a standard requires submitting relevant system safety information to appropriate authorities. The RTCA DO-178B standard is a software quality assurance, safety-related standard for the development of software aspects of aerospace systems. This research introduces an approach to improve communication and collaboration among safety engineers, software engineers, and certification authorities in the context of RTCA DO-178B. This is achieved by utilizing a Unified Modeling Language (UML) profile that allows software engineers to model safety-related concepts and properties in UML, the de facto software modeling standard. A conceptual meta-model is defined based on RTCA DO-178B, and then a corresponding UML profile, which we call SafeUML, is designed to enable its precise modeling. We show how SafeUML improves communication by, for example, allowing monitoring implementation of safety requirements during the development process, and supporting system certification per RTCA DO-178B. This is enabled through automatic generation of safety and certification-related information from UML models. We validate this approach through a case study on developing an aircraft’s navigation controller subsystem.     

Quality-driven architecture development using architectural tactics

This paper presents a quality-driven approach to embodying non-functional requirements (NFRs) into software architecture using architectural tactics. Architectural tactics are reusable architectural building blocks, providing general architectural solutions for common issues pertaining to quality attributes. In this approach, architectural tactics are represented as feature models, and their semantics is defined using the Role-Based Metamodeling Language (RBML) which is a UML-based pattern specification notation. Given a set of NFRs, architectural tactics are selected and composed, and the composed tactic is used to instantiate an initial architecture for the application. The proposed approach addresses both the structural and behavioral aspects of architecture. We describe the approach using tactics for performance, availability and security to develop an architecture for a stock trading system. We demonstrate tool support for instantiating a composed tactic to generate an initial architecture of the stock trading system.     

The OsMoSys approach to multi-formalism modeling of systems

Analysis and simulation of complex systems are facilitated by the availability of appropriate modeling formalisms and tools. In many cases, no single analysis and modeling method can successfully cope with all aspects of a complex system: a multi-formalism multi-solution approach is very appealing, since it offers the possibility of applying the most suitable formalisms and solution techniques to model and analyze different components or aspects of a system. Another important feature that a successfull modeling approach should include is the possibility of reusing (sub)models: by composing parameterized submodels and then instantiating the parameters, complete models of different scenarios can be obtained and analyzed.This paper introduces an innovative approach to multi-formalism modeling of systems that is part of the OsMoSys (Object-based multi-formaliSm MOdeling of SYStems) framework. OsMoSys uses the proposed modeling approach to build multi-formalism models, and workflow management to achieve multi-solution. Our modeling approach is based on meta-modeling, allowing to easily define and integrate different formalisms, and on some concepts from object orientation. Its main objectives are the interoperability of different formalisms and the definition of mechanisms to guarantee the flexibility and the scalability of the modeling framework.     

Reactive mode handling of flexible manufacturing systems

This paper deals with a new modeling approach for mode handling of flexible manufacturing systems (FMS). Based on a review of the modeling methods and the specification formalisms in the existing approaches, we show that the mutual benefit of functional modeling and synchronous languages is very convenient for mode handling problem. We start by introducing the context of our work and the basic concepts of the proposed modeling approach. Then we present the steps of functional modeling and we illustrate them through an example of a flexible manufacturing cell. Functional modeling is completed by generic behavioral specifications representing the states of a subsystem or the whole system. The specification method is modular, hierarchical and supports reuse concept. The established model is generic and well adapted to our control system context. Mode handling function role within the control system is then studied. This function enables a reactive update of the availability of the resources and functions and the transmission of high level control and reconfiguration orders.     

On transient performance improvement of adaptive control architectures

While adaptive control theory has been used in numerous applications to achieve given system stabilisation or command following criteria without excessive reliance on mathematical models, the ability to obtain a predictable transient performance is still an important problem – especially for applications to safety-critical systems and when there is no a-priori knowledge on upper bounds of existing system uncertainties. To address this problem, we present a new approach to improve the transient performance of adaptive control architectures. In particular, our approach is predicated on a novel controller architecture, which involves added terms in the update law entitled artificial basis functions. These terms are constructed through a gradient optimisation procedure to minimise the system error between an uncertain dynamical system and a given reference model during the learning phase of an adaptive controller. We provide a detailed stability analysis of the proposed approach, discuss the practical aspects of its implementation, and illustrate its efficacy on a numerical example.     

A Meta-Modeling Approach for Autonomous Driving Scenario Based on STTD

In the current autonomous driving scenario modeling and simulation field, autonomous driving modeling driven by Spatio-Temporal Trajectory Data (STTD) is a key problem, which is significant to improve the safety of the system. In recent years, great progress has been achieved in the modeling and application of STTD, and the application of this data in specific fields has attracted wide attention. However, because STTD has diversity and complexity as well as massive, heterogeneous, dynamic characteristics, the research in the safety-critical field modeling still faces challenges, including unified metadata of spatio-temporal trajectories, meta-modeling methods based on STTD, data processing based on the data analysis of spatio-temporal trajectories, and data quality evaluation. In view of the modeling requirements in the field of autonomous driving, a meta-modeling approach is proposed to construct spatio-temporal trajectory metadata based on Meta Object Facility (MOF) meta-modeling system. According to the characteristics of spatio-temporal trajectory data and autonomous driving domain knowledge, a meta-model of spatio-temporal trajectory data is constructed. Then, we study the modeling approach of autonomous driving safety-critical scenarios based on the spatio-temporal trajectory data meta-modeling technology system, use the modeling language ADSML for automatic instantiation of safety-critical scenarios, and construct a library of safety-critical scenarios, aiming to provide a feasible approach for the modeling of such safety-critical scenarios. Combined with the scenarios of lane changing and overtaking, the effectiveness of the meta-modeling method for autonomous driving safety scenarios driven by spatio-temporal trajectory data is demonstrated, which lays a solid foundation for the construction, simulation, and analysis of the model.     

Automated test generation using model checking: an industrial evaluation

In software development, testers often focus on functional testing to validate implemented programs against their specifications. In safety-critical software development, testers are also required to show that tests exercise, or cover, the structure and logic of the implementation. To achieve different types of logic coverage, various program artifacts such as decisions and conditions are required to be exercised during testing. Use of model checking for structural test generation has been proposed by several researchers. The limited application to models used in practice and the state space explosion can, however, impact model checking and hence the process of deriving tests for logic coverage. Thus, there is a need to validate these approaches against relevant industrial systems such that more knowledge is built on how to efficiently use them in practice. In this paper, we present a tool-supported approach to handle software written in the Function Block Diagram language such that logic coverage criteria can be formalized and used by a model checker to automatically generate tests. To this end, we conducted a study based on industrial use-case scenarios from Bombardier Transportation AB, showing how our toolbox CompleteTest can be applied to generate tests in software systems used in the safety-critical domain. To evaluate the approach, we applied the toolbox to 157 programs and found that it is efficient in terms of time required to generate tests that satisfy logic coverage and scales well for most of the programs.     

A synergistic model-driven approach for persistence modeling with UML

The Model Driven Development (MDD) approach proposes that models (and model-to-model transformations) play the main role on system development. However, there is not a consensual notation to model persistence based upon object-relational mapping frameworks: while UML lacks specific resources for persistence modeling, the entity-relationship model does not make reference to the dynamic concepts existing in UML.This paper proposes MD-JPA, a UML profile for persistence modeling based on the well-known Java Persistence API 2 (JPA) standard for object-relational mapping, pursuing the modeling of transient and persistent elements in a more coherent and synergistic way. This paper describes the main characteristics of MD-JPA as well as the way that models that adopt such profile can them be used to generate a Java implementation by the application of the proposed model transformations on a MDD approach. Finally, an open source tool was developed to make the results of this work available to the community.     

A layered architecture for uniform version management

Version management is a key part of software configuration management. A big variety of version models has been realized in both commercial systems and research prototypes. These version models differ with respect to the objects put under version control (files, directories, entities, objects), the organization of versions (version graphs versus multidimensional version spaces), the granularity of versioning (whole software products versus individual components), emphasis on states versus emphasis on changes (state-versus change-based versioning), rules for version selection, etc. We present a uniform version model-and its support architecture-for software configuration management. Unlike other unification approaches, such as UML for object-oriented modeling, we do not assemble all the concepts having been introduced in previous systems. Instead, we define a base model that is built on a small number of concepts. Specific version models may be expressed in terms of this base model. Our approach to uniform version management is distinguished by its underlying layered architecture. Unlike the main stream of software configuration management systems, our instrumentable version engine is completely orthogonal to the data model used for representing software objects and their relationships. In addition, we introduce version rules at the bottom of the layered architecture and employ them as a uniform mechanism for expressing different version models. This contrasts to the main stream solution, where a specific version model-usually version graphs-is deeply built into the system and version rules are dependent on this model     

Activity-based DEVS modeling

Use of model-driven approaches has been increasing to significantly benefit the process of building complex systems. Recently, an approach for specifying model behavior using UML activities has been devised to support the creation of DEVS models in a disciplined manner based on the model driven architecture and the UML concepts. In this paper, we further this work by grounding Activity-based DEVS modeling and developing a fully-fledged modeling engine to demonstrate applicability. We also detail the relevant aspects of the created metamodel in terms of modeling and simulation. A significant number of the artifacts of the UML 2.5 activities and actions, from the vantage point of DEVS behavioral modeling, is covered in details. Their semantics are discussed to the extent of time-accurate requirements for simulation. We characterize them in correspondence with the specification of the atomic model behavior. We demonstrate the approach with simple, yet expressive DEVS models.     

A Contextual Approach for Designing and Using OR Quantitative Models

Practitioners of Operations Research (OR) traditionally concentrate on mathematical and computational aspects of quantitative models, sometimes resulting in risky implementation or early model obsolescence. We propose an approach, inspired by system concepts and technology management, which includes softer influences, such as decision frequency, model life cycle and technological stage of management, to help modeling and model management decisions. Some graphic indicators are developed to help diagnosis and conception.     

时空轨迹数据驱动的自动驾驶场景元建模方法

时空轨迹数据驱动的汽车自动驾驶场景建模,是当前汽车自动驾驶领域中驾驶场景建模、仿真所面临的关键问题,对于提高系统的安全性具有重要研究意义.近年来,随着时空轨迹数据建模及应用研究的快速发展,时空轨迹数据应用于特定领域建模的研究引起人们的广泛关注.但由于时空轨迹数据所反映现实世界的多元性和复杂性以及时空轨迹数据的海量、异构、动态等特点,基于时空轨迹数据驱动的安全攸关场景建模的研究仍面临着挑战,包括：统一的时空轨迹数据元模型、基于时空轨迹数据的元建模方法、基于数据分析技术的时空轨迹数据处理、数据质量评价等.针对汽车自动驾驶领域的场景建模需求,我们提出一种基于MOF元建模体系构建时空轨迹数据的元建模方法,根据时空轨迹数据的特征及自动驾驶的领域知识,构建了面向汽车自动驾驶的时空轨迹数据元模型;并基于此,提出基于时空轨迹数据元建模技术体系的自动驾驶安全场景建模方法,并使用场景建模语言ADSML实例化安全场景,构建安全场景库,旨在为此类系统的安全关键场景建模提供一种可行的方案.结合变道超车场景的案例,展示了时空轨迹数据驱动的自动驾驶安全场景元建模方法的可用性,为场景模型的构建、仿真、分析奠定了基础.     

OPM vs. UML--Experimenting with Comprehension and Construction of Web Application Models

Object-Process Methodology (OPM), which is a holistic approach to modeling and evolving systems, views objects and processes as two equally important entities that describe the system's structure and behavior in a single model. Unified Modeling Language (UML), which is the standard object-oriented modeling language for software systems, separates the system model into various aspects, each of which is represented in a different view (diagram type).The exponential growth of the Web and the progress of Internet-based architectures have set the stage for the proliferation of a variety of Web applications, which are classified as hybrids between hypermedia and information systems. Such applications require a modeling approach that is capable of clearly specifying aspects of their architecture, communication, and distributive nature. Since UML and OPM are two candidates for this task, this study has been designed to establish the level of comprehension and the quality of the constructed Web application models using each one of these two approaches.In the experiment we carried out, third year undergraduate information systems engineering students were asked to respond to comprehension and construction questions about two representative Web application models. The comprehension questions related to the system's structure, dynamics, and distribution aspects. The results suggest that OPM is better than UML in modeling the dynamics aspect of the Web applications. In specifying structure and distribution aspects, there were no significant differences. The results further suggest that the quality of the OPM models students built in the construction part was superior to that of the corresponding UML models.     

Allocation and analysis of reliability: multiple levels: system, subsystem, and module

We model the reliability allocation and prediction process across a hierarchical software system comprised of modules, subsystems, and system. We experiment in modeling complex reliability software systems using several software reliability models to test the feasibility of the process and to evaluate the accuracy of the models for this application. This is a subject deserving research and experimentation because this type of system is implemented in safety-critical projects, such as National Aeronautics and Space Administration (NASA) flight software modules, that we use in our experiments. Given the reliability requirement of a software system in the software planning or design stage, we predict each module’s reliability and their relationships (e.g., reliability interactions among modules, subsystems, and system), Our critical interfaces and components are failure-mode sequences and the modules that comprise these sequences, respectively. In addition, we evaluate how sensitive the achievement of reliability goals is to predicted component reliabilities that do not meet expectations.     

Multi-layered interactive energy space modeling for near-optimal electrification of terrestrial,shipboard and aircraft systems

In this paper, we introduce a basic multi-layered modeling framework for posing the problem of safe, robust and efficient design and control that may lend itself to ripping potential benefits from electrification. The proposed framework establishes dynamic relations between physical concepts such as stored energy, useful work, and wasted energy, on one hand; and modeling, simulation, and control of interactive modular complex dynamical systems, on the other. In particular, our recently introduced energy state-space modeling approach for electric energy systems is further interpreted using fundamental laws of physics in multi-physical systems, such as terrestrial energy-systems, aircrafts and ships. The interconnected systems are modeled as dynamically interacting modules. This approach is shown to be particularly well-suited for scalable optimization of large-scale complex systems. Instead of having to use simpler models, the proposed multi-layered modeling of system dynamics in energy space offers a promising basic method for modeling and controlling inter-dependencies across multi-physics subsystems for both ensuring feasible and near-optimal operation. It is illustrated how this approach can be used for understanding fundamental physical causes of inefficiencies created either at the component level or are a result of poor matching of their interactions.     

Automating data exchange in process choreographies

Communication between organizations is formalized as process choreographies in daily business. While the correct ordering of exchanged messages can be modeled and enacted with current choreography techniques, no approach exists to describe and automate the exchange of data between processes in a choreography using messages. This paper describes an entirely model-driven approach for BPMN introducing a few concepts that suffice to model data retrieval, data transformation, message exchange, and correlation – four aspects of data exchange. For automation, this work utilizes a recent concept to enact data dependencies in internal processes. We present a modeling guideline to derive local process models from a given choreography; their operational semantics allows to correctly enact the entire choreography from the derived models only including the exchange of data. Targeting on successful interactions, we discuss means to ensure correct process choreography modeling. Finally, we implemented our approach by extending the camunda BPM platform with our approach and show its feasibility by realizing all service interaction patterns using only model-based concepts.